CVE-2012-2626

EXPLOITED

Plixer Scrutinizer < 9.5.0 - Unauthenticated Administrative Account Creation via admin.cgi userprefs Action

Title source: llm

Exploitation Summary

CVE-2012-2626 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Mario Ceballos, MC, Jonathan Claudius, Tanya Secker, sinn3r, including a Metasploit module auxiliary/admin/http/scrutinizer_add_user.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Scrutinizer by sending a crafted POST request to create a new user with administrative privileges without proper authentication.

Description

cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Mario Ceballos · textwebappscgi

https://www.exploit-db.com/exploits/37549

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in Scrutinizer by sending a crafted POST request to create a new user with administrative privileges without proper authentication.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Scrutinizer 9.5.0

No auth needed

Prerequisites: Network access to the target system · Scrutinizer 9.5.0 or potentially other versions

MITRE ATT&CK

T1110.001 - Password Guessing T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC

by MC, Jonathan Claudius, Tanya Secker, sinn3r · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/scrutinizer_add_user.rb

View Code ZIP pw:eip

This Metasploit module exploits an authentication bypass vulnerability in Plixer Scrutinizer NetFlow and sFlow Analyzer to add an administrative user without authentication. It sends a crafted POST request to the admin CGI script to create a new user with specified credentials.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Plixer Scrutinizer NetFlow and sFlow Analyzer <= 9.0.1

No auth needed

Prerequisites: Network access to the target · Target running vulnerable version of Plixer Scrutinizer

MITRE ATT&CK

T1110.001 - Password Guessing T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt

Broken Link, Third Party Advisory x_refsource_misc

http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html

Scores

EPSS 0.7598

EPSS Percentile 98.9%

Details

VulnCheck KEV 2024-10-01

CWE

CWE-287

Status published

Products (1)

sonicwall/scrutinizer < 9.5.0

Published Jul 31, 2012

Tracked Since Feb 18, 2026